Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd5e3cb1 by security tracker role at 2021-09-10T20:10:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for 
ONLYOFFIC ...)
+       TODO: check
+CVE-2021-40863
+       RESERVED
+CVE-2021-40862
+       RESERVED
+CVE-2021-40861
+       RESERVED
+CVE-2021-40860
+       RESERVED
+CVE-2021-40859
+       RESERVED
+CVE-2021-40858
+       RESERVED
+CVE-2021-40857
+       RESERVED
+CVE-2021-40856
+       RESERVED
+CVE-2021-40855
+       RESERVED
+CVE-2021-40854
+       RESERVED
+CVE-2021-40853
+       RESERVED
+CVE-2021-40852
+       RESERVED
+CVE-2021-40851
+       RESERVED
+CVE-2021-40850
+       RESERVED
 CVE-2021-40849
        RESERVED
 CVE-2021-40848
@@ -86,6 +116,7 @@ CVE-2021-3782
        RESERVED
 CVE-2021-3781 [Include device specifier strings in access validation]
        RESERVED
+       {DSA-4972-1}
        - ghostscript 9.53.3~dfsg-8 (bug #994011)
        [buster] - ghostscript <not-affected> (Vulnerable code introduced later)
        [stretch] - ghostscript <not-affected> (Vulnerable code introduced 
later)
@@ -1067,8 +1098,8 @@ CVE-2021-40375
        RESERVED
 CVE-2021-40374
        RESERVED
-CVE-2021-40373
-       RESERVED
+CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by 
entering PHP c ...)
+       TODO: check
 CVE-2021-40372
        RESERVED
 CVE-2021-40371
@@ -1123,8 +1154,7 @@ CVE-2021-40349
        RESERVED
 CVE-2021-40348
        RESERVED
-CVE-2021-40347 [Check a user owns the email they are trying to unsubscribe]
-       RESERVED
+CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman 
Postorius befo ...)
        {DSA-4970-1}
        - postorius 1.3.5-1 (bug #993746)
        NOTE: 
https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
@@ -3225,7 +3255,7 @@ CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung 
H3 devices allows attac
        NOT-FOR-US: Samsung
 CVE-2021-39372
        RESERVED
-CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.5.0 
allows an ...)
+CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 
allows an ...)
        {DLA-2754-1}
        - pywps 4.5.0-1
        [bullseye] - pywps <no-dsa> (Minor issue)
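Review bot: The corrected description for CVE-2021-39371 now says the XXE affects PyWPS before 4.4.5, but the package line under it still records `- pywps 4.5.0-1` as the fixed version. If a 4.4.5-based upload ever reached unstable, the fixed version should be lowered to match; otherwise a short NOTE saying that 4.5.0-1 was the first Debian upload carrying the fix would explain the gap between the two numbers.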
@@ -5303,7 +5333,7 @@ CVE-2021-38494
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
 CVE-2021-38493
        RESERVED
-       {DSA-4969-1}
+       {DSA-4969-1 DLA-2756-1}
        - firefox 92.0-1
        - firefox-esr 78.14.0esr-1
        - thunderbird 1:78.14.0-1
@@ -5615,34 +5645,34 @@ CVE-2021-38362
        RESERVED
 CVE-2021-38361
        RESERVED
-CVE-2021-38360
-       RESERVED
-CVE-2021-38359
-       RESERVED
-CVE-2021-38358
-       RESERVED
-CVE-2021-38357
-       RESERVED
+CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to 
restrictive loca ...)
+       TODO: check
+CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend 
Promotions Wor ...)
+       TODO: check
+CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected 
Cross-Site S ...)
+       TODO: check
+CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected 
Cross-Site Scr ...)
+       TODO: check
 CVE-2021-38356
        RESERVED
-CVE-2021-38355
-       RESERVED
-CVE-2021-38354
-       RESERVED
-CVE-2021-38353
-       RESERVED
-CVE-2021-38352
-       RESERVED
-CVE-2021-38351
-       RESERVED
-CVE-2021-38350
-       RESERVED
-CVE-2021-38349
-       RESERVED
-CVE-2021-38348
-       RESERVED
-CVE-2021-38347
-       RESERVED
+CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is 
vulnerable to Ref ...)
+       TODO: check
+CVE-2021-38352 (The Feedify &#8211; Web Push Notifications WordPress plugin is 
vulnera ...)
+       TODO: check
+CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
+CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
+CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin 
is vulne ...)
+       TODO: check
+CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected 
Cross-S ...)
+       TODO: check
+CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to 
Reflected Cr ...)
+       TODO: check
 CVE-2021-38346
        RESERVED
 CVE-2021-38345
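Review bot: The imported description for CVE-2021-38352 carries a raw HTML entity (`Feedify &#8211; Web Push Notifications`), so the product name is stored escaped rather than as text. The automatic import should decode entities from the upstream description before writing the line, otherwise a plain-text search for the plugin name will miss this entry.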
@@ -5653,38 +5683,38 @@ CVE-2021-38343 (The Nested Pages WordPress plugin &lt;= 
3.1.15 was vulnerable to
        NOT-FOR-US: WordPress plugin
 CVE-2021-38342 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable 
to Cross ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-38341
-       RESERVED
-CVE-2021-38340
-       RESERVED
-CVE-2021-38339
-       RESERVED
-CVE-2021-38338
-       RESERVED
-CVE-2021-38337
-       RESERVED
-CVE-2021-38336
-       RESERVED
-CVE-2021-38335
-       RESERVED
-CVE-2021-38334
-       RESERVED
-CVE-2021-38333
-       RESERVED
-CVE-2021-38332
-       RESERVED
-CVE-2021-38331
-       RESERVED
-CVE-2021-38330
-       RESERVED
-CVE-2021-38329
-       RESERVED
-CVE-2021-38328
-       RESERVED
-CVE-2021-38327
-       RESERVED
-CVE-2021-38326
-       RESERVED
+CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin 
is vulne ...)
+       TODO: check
+CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to 
Reflect ...)
+       TODO: check
+CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to 
Reflected Cross- ...)
+       TODO: check
+CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to 
Reflected Cross ...)
+       TODO: check
+CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to 
Reflect ...)
+       TODO: check
+CVE-2021-38334 (The WP Design Maps &amp; Places WordPress plugin is vulnerable 
to Refl ...)
+       TODO: check
+CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected 
Cross-Sit ...)
+       TODO: check
+CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin 
is vuln ...)
+       TODO: check
+CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected 
Cross-Site Sc ...)
+       TODO: check
+CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to 
Reflected Cross- ...)
+       TODO: check
+CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected 
Cross-Site Scr ...)
+       TODO: check
+CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to 
Reflected Cro ...)
+       TODO: check
 CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to 
Reflected  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL 
Injection  ...)
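Review bot: The sixteen entries CVE-2021-38326 through CVE-2021-38341 are left at `TODO: check`, while the unchanged neighbours in this hunk (CVE-2021-38343, CVE-2021-38342, CVE-2021-38325) for the same kind of product are already triaged as `NOT-FOR-US: WordPress plugin`. Follow-up triage can apply the same marker to these entries unless one of the plugins turns out to be packaged.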
@@ -7789,10 +7819,10 @@ CVE-2021-37425 (Altova MobileTogether Server before 7.3 
SP1 allows XXE attacks,
        NOT-FOR-US: Altova MobileTogether Server
 CVE-2021-37424
        RESERVED
-CVE-2021-37423
-       RESERVED
-CVE-2021-37422
-       RESERVED
+CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is 
vulnerable to l ...)
+       TODO: check
+CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is 
vulnerable to S ...)
+       TODO: check
 CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is 
vulnerable to a ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37420
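Review bot: CVE-2021-37423 and CVE-2021-37422 are added with `TODO: check` although the next entry for the same product, CVE-2021-37421, is already marked `NOT-FOR-US: Zoho ManageEngine`. Suggest triaging both the same way in the follow-up so the ADSelfService Plus entries stay consistent.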
@@ -7800,15 +7830,15 @@ CVE-2021-37420
 CVE-2021-37419
        RESERVED
 CVE-2021-37418
-       RESERVED
+       REJECTED
 CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior 
allows CAP ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is 
vulnera ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable 
to authe ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37414
-       RESERVED
+CVE-2021-37414 (Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior 
allows  ...)
+       TODO: check
 CVE-2021-37413
        RESERVED
 CVE-2021-37412
@@ -9369,10 +9399,10 @@ CVE-2021-3648
        RESERVED
 CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
        NOT-FOR-US: URI.js
-CVE-2021-3646
-       RESERVED
-CVE-2021-3645
-       RESERVED
+CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input 
During  ...)
+       TODO: check
+CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of 
Object Pr ...)
+       TODO: check
 CVE-2021-3644
        RESERVED
        - wildfly <itp> (bug #752018)
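Review bot: The description for CVE-2021-3645 names the affected software only as `merge`, which does not identify a project or ecosystem on its own. Before replacing `TODO: check`, the triager should confirm the upstream project from the CVE references and record it in a NOTE, so the entry is not matched against an unrelated source package with a similar name.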
@@ -11185,8 +11215,8 @@ CVE-2021-35978
        RESERVED
 CVE-2021-35977
        RESERVED
-CVE-2021-35976
-       RESERVED
+CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 
through 18.0 ...)
+       TODO: check
 CVE-2021-35975
        RESERVED
 CVE-2021-35974
@@ -18045,8 +18075,8 @@ CVE-2021-33013
        RESERVED
 CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a 
remote, un ...)
        NOT-FOR-US: Rockwell
-CVE-2021-33011
-       RESERVED
+CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus 
Series, ...)
+       TODO: check
 CVE-2021-33010
        RESERVED
 CVE-2021-33009
@@ -40042,8 +40072,8 @@ CVE-2021-21261 (Flatpak is a system for building, 
distributing, and running sand
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4
 CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on 
Windows allow ...)
        NOT-FOR-US: Dolby Audio X2 (DAX2) API service
-CVE-2021-3145
-       RESERVED
+CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an 
Android  ...)
+       TODO: check
 CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once 
after e ...)
        - salt 3002.5+dfsg1-1 (bug #983632)
        NOTE: 
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd5e3cb13f28f166b71906dc2dcd5aa8137695b7
